[aprssig] China Has Hijacked WA8LMF.com !! 2

Heikki Hannikainen hessu at hes.iki.fi
Tue Oct 12 02:25:44 EDT 2021


It seems that this has stopped a while ago.

The comments on the BG0GE-3 and BG0GE-6 stations say "9600&1200 Baud 
Nucleo-TNC TEST", and it is an aprx igate. Maybe he was using the test CD 
to actually test the Nucleo-TNC performance, but didn't figure out it is a 
bad idea to run it with a live igate.

Since wa8lmf.com is your old domain, could it perhaps be that the APRS 
test CD data actually contains old packets you have transmitted, which 
actually contained links to wa8lmf.com back then?

Maybe we should set up some sort of automatic detection/alarm/filtering 
when packets on the test CD appear on the APRS-IS... volunteers to write a 
detector client?

Also, Stephen, it might be good to post a big warning on top of 
http://wa8lmf.net/TNCtest/ and http://wa8lmf.net/TNCtest/getfile.htm 
saying that the file should never be used with a live igate, but just a 
local modem, and explaining that if the old data is transmitted by an 
igate, historic data will reappear and some people will be upset. It might 
reduce the chances of events like this a bit.

On Tue, 28 Sep 2021, Stephen Smith via aprssig wrote:

> Apparently BG0GE has noticed he is being filtered.   His SSID just jumped from -6 to -3  !
> Sent from my iPhone
>> On Sep 28, 2021, at 11:22 AM, wa7skg <wa7skg at wa7skg.com> wrote:
>> Sounds like time for a strike mission?
>> Lynn W Deffenbaugh (Mr) wrote on 9/28/21 7:59 AM:
>>> Sometime yesterday, BG0GE-6 quit injecting the old packets.  But I checked just now and they're back!  But this time, it's only going into firenet and not the mainstream APRS-IS.
>>> And I spoke too soon.  As I was typing this message, the packets starting showing up in both the APRS-IS and firenet again.  And now they're back to firenet only.  Maybe their configured APRS-IS server is disconnecting them?  Who knows.
>>> But according to my APRSIS32 packet counter, he's been steadily gating 1800-2000 packets per hour for the past 8 hours (as far back as APRSIS32 summarizes).
>>> BG0GE-6 via THIRD+
>>> 9600&1200 Baud Nucleo-TNC TEST
>>> I+G: 70+1692 74+1825 74+1996 76+2047 72+2071 76+2013 74+1999 74+1831
>>> Lynn (D) - KJ4ERJ - Author of APRSISCE for Windows Mobile and Win32
>>>> On 9/27/2021 6:46 PM, Stephen H Smith via aprssig wrote:
>>>> On 9/27/2021 6:20 PM, Kenneth Finnegan wrote:
>>>>> Looking at Internet Archive, it looks like wa8lmf.com <http://wa8lmf.com> has been dead for months if not years with various domain parking on it:
>>>>> http://web.archive.org/web/20210609210446/http://www.wa8lmf.com/
>>>> For some years, I used both WA8LMF.com and WA8LMF.net .   One time   WA8LMF.com  expired and a slimy domain squatter grabbed it instantly.   Not willing to pay the scammer to get it back, I proceeded to use just WA8LMF.net and forget about the .COM version.
>>>> [Actually, by the original scheme of things on the Internet, .NET is more appropriate anyway since I am doing communications operations on the Internet- not running a commercial business. Actually, I only used .COM in the early days of the Internet because so many people at that time thought EVERYTHING on the web had to end with .COM.]
>>>> I assumed that the squatter would ultimately tire of paying for a domain as unique and un-saleable as a ham call.  It never occurred to me that someone would actually buy it.....
>>>>> So the lesson here is to make sure that you don't let the registration for any domains you care about expire and sit unregistered for a long time, because these sorts of sites will sweep them up if there's any decent number of links to them... they probably weren't banking on your APRS comment back in the day, but here we are.
>>>>> *I strongly suspect that this domain registration has nothing to do with BG0GE accidentally gatewaying their TNC test runs onto the APRS-IS*. I've emailed them directly to stop I-gating the LMF CD.
>>>> I would have thought the same thing EXCEPT that the BG0GE-6 igate is now including the WA8LMF.COM domain in their comment..   Also, his email addy is BG0GE at 163.com .      163.com is one of the links on the home page of the porn site.
>>>> Again, I am baffled.  Why would one want to flog a porn site with an obscure ham call sign?
>> _______________________________________________
>> aprssig mailing list
>> aprssig at lists.tapr.org
>> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
> _______________________________________________
> aprssig mailing list
> aprssig at lists.tapr.org
> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org

   - Hessu

More information about the aprssig mailing list